Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training,
learning paths, books, tutorials, and more.

Declarative Security Framework

WCF security is truly a vast topic. The number of details to master is daunting, and
intricate relationships exist between the various aspects. The programming model is very
complex, and at first you're likely to have an inescapable feeling of navigating a maze. To
make things even worse, getting it wrong has severe implications both at the application and
the business level. To simplify things, I came up with a declarative security framework for
WCF. For the service, I have provided a security attribute (with matching support for the
host), and for the client I have provided a few helper classes and secure proxy classes. My
declarative framework grossly simplifies WCF security configuration, placing it on a par
with other aspects of WCF configuration such as transactions and synchronization. My goal
was to provide a declarative model that would be simple to use and would minimize the need
to understand the many details of security. As a developer, all you need to do is select the
correct scenario (out of the five common scenarios discussed in this chapter), and my
framework will automate the configuration. Not only that, but my framework mandates the
correct options and enforces my recommendations. At the same time, my model maintains
granularity and allows developers to control the underlying configuration if the need
arises.

The SecurityBehaviorAttribute

Example 10-19 lists the definition of the
SecurityBehaviorAttribute and the ServiceSecurity enum. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training,
learning paths, books, interactive tutorials, and more.